package dj.interceptor.base;

import javax.servlet.http.HttpServletRequest;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

import dj.Constant;
import dj.pageModel.Puser;

/**
 * 权限拦截器
 */
public class AuthInterceptor extends MethodFilterInterceptor {

	@Override
	protected String doIntercept(ActionInvocation actionInvocation) throws Exception {
		HttpServletRequest request = ServletActionContext.getRequest();
		Puser puser = (Puser) request.getSession().getAttribute(Constant.USER_SESSION);
		if ("admin".equals(puser.getName())) {// admin用户不需要验证权限
			return actionInvocation.invoke();
		}
		String requestPath = request.getRequestURI();
		requestPath = requestPath.substring(requestPath.lastIndexOf("/"));
		if(requestPath.indexOf("admin_") < 0) {
			return actionInvocation.invoke();
		}
//		if(null != puser.getAuthUrls()) {
//			String[] auths = puser.getAuthUrls().split(",");
//			if (auths != null && auths.length > 0) {
//				boolean b = false;
//				for (String a : auths) {
//					if (requestPath.equals(a)) {
//						b = true;
//						break;
//					}
//				}
//				if (b) {
//					return actionInvocation.invoke();
//				}
//			}
//		}
		ServletActionContext.getRequest().setAttribute("msg", "您没有访问此功能的权限！权限路径为[" + requestPath + "]请联系管理员给你赋予相应权限。");
		return "error";
	}

}
